CVE-2026-10820
CVE-2026-10820 affects the WordPress plugin family “Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content” up to version 4.16.17. The root cause is lack of ownership verification when a subscription action is performed, allowing any authenticated u...
EUVD-2026-39946
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription action owns the targeted subscription, allowing any authenticated user (Subscriber+) to cancel other...
CVE-2026-53197
A flaw was found in the iptfs module of the Linux kernel. This issue, an ABBA deadlock, occurs when iptfs_destroy_state() attempts to cancel a timer while holding a spinlock that the timer's callback also tries to acquire. This circular dependency can cause the system to become unresponsive, leading ...
EUVD-2026-39288
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfs_destroy_state(). iptfs_destroy_state() calls hrtimer_cancel() while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
CVE-2026-53124
A flaw was found in the ublk subsystem of the Linux kernel. When a ublk server fails to complete all I/O (input/output) operations, a per-I/O cancellation flag may remain set. This prevents the successful cancellation of outstanding I/O commands, potentially leading to resource exhaustion or a deni...
CVE-2026-56280
Cap-go contains a privilege inversion in the /build/logs/:jobId SSE handling prior to version 12.128.2. An abort listener on the SSE stream unconditionally calls cancelBuildOnDisconnect() using the server-side BUILDER_API_KEY, bypassing the app.build_native permission check required by POST /buil...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS. When disabling aRFS under the priv->state_lock, any scheduled aRFS operations are canceled using the cancel_work_sync function. This function waits for the operation to finish if it ha...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free. Currently, the same issue as in the previous patch (two timer callbacks trying to cancel each other) can also occur when using bpf_map_update_elem. More precisely, freeing elements containing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: At the ata module, the issue with libata: the pending work is cancelled after clearing deferred_qc. Syzbot reported a WARN_ON in ata_scsi_deferred_qc_work, caused by ap->ops->qc_defer returning a non-zero value before issuing the deferred...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fixed the use-after-free vulnerability in the ether3 Driver due to race conditions. In the ether3_probe function, a timer is initialized using a callback function called ether3_ledoff, which is bound to &prev(dev)->timer...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net/smc: fixed a deadlock caused by cancel_delayed_work_syn. The following LOCKDEP was detected: Workqueue: events smc_lgr_free_work [smc] WARNING: a circular locking dependency was detected...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Cancel the running BPF timer through kworker for PREEMPT_RT. During the update process, when overwriting an element in a pre-allocated htab, the freeing of old_element is protected by the bucket lock. The reason why the bucket...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Fixed a race condition between io_uring_cmd_complete_in_task and ublk_cancel_cmd. The ublk_cancel_cmd function calls io_uring_cmd_done to complete the uring command. However, we might have scheduled task operations via...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dm cache: Fixed UAF in the destroy function. dm_cache also has the same UAF issue when dm_resume and dm_destroy are executed concurrently. Therefore, the timer is canceled again in the destroy function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed a system hang caused by CPU-clock usage. CPU-clock usage by the async-profiler tool can trigger a system hang. This issue was fixed starting with the following commit by Octavia Togami: 18dbcbfabfff “perf: Fixed...
Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl. nvme_fc_delete_assocation waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync had been called. Mov...
CVE-2026-53438
A flaw was found in Jenkins. A missing permission check allows an attacker, who has 'Item/Cancel' permission but lacks 'Item/Read' permission, to cancel queue items they are not authorized to view. This could lead to unauthorized disruption of queued tasks within Jenkins...
CVE-2026-53438
A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...
PT-2026-48423
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.568; Jenkins LTS versions prior to 2.555.3. Description: A missing permission check allows attackers who possess the Item/Cancel permission, but lack the Item/Read permission, to cancel queue items that they are not...